struts-user mailing list archives

From Lukasz Lenart <lukaszlen...@apache.org>
Subject Re: Regarding latest struts 2.3.x changes and issues with DMI and Wildcards
Date Thu, 30 Jan 2014 05:59:39 GMT
2014-01-29 Eric Reed <EREED2@mail.nysed.gov>:
> Security has, and should be an open arrangement between developers and
> the clients for which they develop code.
>
> This relationship is as follows:
>
> 1. I detect an exploit in YOUR code.
>
> 2. I inform you of the exploit along with a proof of concept.
>
> 3. I give you time to release a patch and notify your clients. (Around
> 2 months, give or take)

2 months may not be enough ;-)


Regards
-- 
Łukasz
+ 48 606 323 122 http://www.lenart.org.pl/
